Common website intrusion methods

Common website intrusion methods
At present, website intrusion has become very simple and the threshold is getting lower and lower. Any cainiao just needs to download the intrusion tool on the hacker's website to start intrusion. Currently, there are five common website intrusion methods: upload vulnerabilities, brute-force database, injection, bypass, and COOKIE fraud. Simple Introduction: 1. the upload vulnerability is the most prevalent among hackers in the DVBBS6.0 era. Using the Upload Vulnerability, you can directly obtain WEBSHELL, which has a high level of threat, the current intrusion upload vulnerability is also a common vulnerability. How to Use: Add/upfile to the address bar of the website. if asp displays an incorrect upload format [re-upload], there is a long-transmission vulnerability. You can find a tool that can be uploaded to obtain WEBSHELL. Tool Introduction: upload tool veteran's upload tool DOMAIN3.5. Both of these software can achieve the purpose of uploading. You can use NC or submit. What is WEBSHELL: WEBSHELL is the WEB permission, which can manage the WEB, modify the homepage content, and other permissions, but it does not have any special permissions (this depends on the Administrator's settings) generally, this permission is required to modify others' homepages. If you have been using WEB Trojans, you may know that (for example, the veteran's webmaster assistant is a WEB Trojan, Haiyang 2006 is also a WEB Trojan) this is the final Upload Vulnerability. Sometimes a server with poor permission settings can obtain the highest permission through WEBSHELL. 2. brute-force database: this vulnerability is rare today, but many other websites can exploit this vulnerability. The brute-force database is used to submit characters to obtain database files, after obtaining the database file, we have the site's front-end or back-end permissions. Method of brute-force Library: for example, the address of a website is http://www .Bkjia.com/dispbbs.asp? BoardID = 7 & ID = 161 We can change the/in the middle of com/dispbbs to % 5c. If there is a vulnerability, we can directly obtain the absolute path of the database and download it with Ray-sourcing or something. the default database path is used. http://www .Bkjia.com/is followed by conn. if asp does not modify the default database path, you can also get the database path (Note: Here/also needs to be changed to % 5c) Why is it changed to % 5c: because/is equal to % 5c in the ASCII code, sometimes the database name is/# abc. why can't mdb be implemented? Here, you need to replace # With % 23 to download the file. Why is my database file exposed. End with ASP? What should I do? This can be downloaded here. ASP. In this way, MDB can be downloaded. If it cannot be downloaded, it may be used as an anti-download function. 3. Injection Vulnerability: this vulnerability is currently the most widely used and highly lethal vulnerability. It can be said that Microsoft's official website also has an injection vulnerability. The injection vulnerability is caused by the absence of strict character filtering. You can obtain related information such as the administrator's account and password. How to use it: I will first introduce how to find a vulnerability, such as this URL. http://www . **. Com/dispbbs. asp? BoardID = 7 & ID = 161 is followed by a station ending in ID = number. We can manually add and 1 = 1 to the back of the station to see if a normal page is displayed, and 1 = 2 is added. check whether there are no vulnerabilities on the normal page. If an error is returned, the injection vulnerability exists. If the error page is returned with and 1 = 1, it indicates that no vulnerability exists, if you know whether the site has any vulnerabilities, you can use it to manually guess or use tools. Now there are many tools (such as nbsi ndsi and d domain) that can be used to guess the account password, because it was a cainiao contact, I suggest using tools, which is cumbersome to do manually. 4. Side Note: When we intrude into a station, this station may be robust and impeccable. We can find a site with the same server as this station, and then use this Site for Elevation of Privilege, sniffing and other methods to intrude into the site we want to intrude. A metaphor for the image. For example, you and I are safe on the first floor of my house, but your home is full of loopholes. Now there is a thief who wants to intrude into my house. He monitors my house (that is, scanning) if you find that there is nothing you can use, then this thief finds that it is easy for you to go to your home in the building of my house. He can first enter your home and then get the key of the entire building through your home (system permission) in this way, you will naturally get my key to access my home (website). 5. COOKIE fraud: many people do not know what cookies are, COOKIE records some of your information, such as IP address and name, sent by the website when you access the internet. How to defraud? If we already know the station number and MD5 password of the XX station administrator, but cannot crack the password (now the MD5 password can be cracked. If the website password is not only encrypted with MD5, other encryption methods are also used. If you want to analyze algorithms, it will be complicated .) We can use COOKIE fraud to implement it, change our ID to the Administrator's, and change the MD5 password to another. Tools can modify the COOKIE so that we can answer the purpose of COOKIE fraud, the system thinks you are the administrator.